Versions Compared

Old Version 16

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 17

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Make sure the HttpClient bean's tLSSocketFactory-ref property points to the shibboleth.SecurityEnhancedTLSSocketFactoryWithClientTLS bean.
  • Configure the component's injected HttpClientSecurityParameters instance's clientTLSCredential property with an X.509 credential.

The syntax for supplying a keypair can be essentially copied from the credentials.xml file that contains the more "usual" keys and certificates used by the IdP. Note that the beans defined in that file are not visible outside the RelyingPartyConfiguration so if you try to reuse them elsewhere, you'll get errors.

Code Block
<bean id="CustomHttpSecurity" class="org.opensaml.security.httpclient.HttpClientSecurityParameters">
	<property name="clientTLSCredential">
		<bean class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
			p:privateKeyResource="%{idp.home}/credentials/tlsclient.key"
			p:certificateResource="%{idp.home}/credentials/tlsclient.crt" />
	</property>
</bean>

<!-- Sample feature we're actually trying to use, which we inject custom rules into. -->
<bean id="PushReporter" parent="shibboleth.metrics.HTTPReporter" c:name="MyCollector"
	p:httpClient-ref="CustomHttpClient"
	p:httpClientSecurityParameters-ref="CustomHttpSecurity"
	p:collectorURL="https://log.example.org/cgi-bin/collector.cgi" />

HTTP Authentication

TBD

Reference

...

NameTypeDescription

shibboleth.NonCachingHttpClient                                                   NonCachingHttpClient                                                    

HttpClientFactoryBeanFactory bean for non-caching HTTP client
shibboleth.FileCachingHttpClientFileCachingHttpClientFactoryBeanFactory bean for file-based-caching HTTP client

shibboleth.MemoryCachingHttpClient

InMemoryCachingHttpClientFactoryBeanFactory bean for in-memory-caching HTTP client
shibboleth.StaticExplicitTrustEngine 3.3StaticExplicitKeyFactoryBeanFactory bean for creating ExplicitKeyTrustEngine
shibboleth.StaticPKIXTrustEngine 3.3StaticPKIXFactoryBeanFactory bean for creating PKIXX509CredentialTrustEngine
shibboleth.SecurityEnhancedTLSSocketFactory 3.2SecurityEnhancedTLSSocketFactorySocket factory that supports HttpClientSecurityParameters-aware components
shibboleth.SecurityEnhancedTLSSocketFactoryWithClientTLS 3.3SecurityEnhancedTLSSocketFactoryClient-TLS-capable socket factory that supports HttpClientSecurityParameters-aware components

...